A Minnesota judge has endorsed a settlement in which Target Corp. will pay $10 million to settle a class-action lawsuit over a massive data breach in 2013.

U.S. District Judge Paul Magnuson granted preliminary approval of the settlement after a hearing Thursday in St. Paul, Minnesota. The move will allow people to begin filing claims ahead of another hearing for final approval, which was scheduled for Nov. 10.

People affected by the breach can file for up to $10,000 with proof of their losses, including unauthorized charges, higher fees or interest rates, and lost time dealing with the problem.

“Target really needs to be commended for being willing to step up,” Magnuson said.

Target’s data breach in 2013 exposed details of as many as 40 million credit and debit card accounts and hurt its holiday sales that year. The company offered free credit monitoring for affected customers and overhauled its security systems.

The settlement would also require Minneapolis-based Target to appoint a chief information security officer, keep a written information security program and offer security training to its workers. It would be required to maintain a process to monitor for data security events and respond to such events deemed to present a threat.

“We are pleased to see the process moving forward and look forward to its resolution,” Target spokeswoman Molly Snyder said in an emailed statement.

Claims will mostly be submitted and processed online through a dedicated website.

Vincent Esades, an attorney for Target customers, said after the hearing that the settlement could end up costing Target $25 million, when attorneys’ fees and administrative costs are added in.

He said consumers will likely be able to start filing claims around April 30, and 100 million people may be eligible. Consumers can claim up to $10,000 if they can document unreimbursed losses; after those claims are paid out, the rest of the settlement funds will be divided among consumers who state under oath that they suffered a qualifying loss, but don’t have documentation. People who’ve already been fully reimbursed aren’t eligible, he said.

Esades said customers who opt out of the settlement have the right to object. Since the funds can’t be paid out until all appeals are resolved, he said, the earliest that customers would see any money would be early next year.

The chain has worked hard to lure back customers that were hesitant to shop there after the incident. Over the 2014 holiday season, Target offered free shipping on all items. It recently announced that it was cutting its minimum online purchase to qualify for free shipping in half to $25. And on Wednesday the retailer said it will now allow returns for up to a year for its private and exclusive brands.

Target’s bounce back from a turbulent stretch including the data breach and exit from Canada has been met with optimism on Wall Street. The retailer’s stock traded above $80 for the first time Monday, reaching another in a string of all-time highs that it began to log just before the crucial holiday shopping season began in December.

Earlier this month, Target said it would lay off about 1,700 people, eliminate another 1,400 unfilled positions and cut up to $2 billion in costs. It will also focus more on technology to boost online sales growth. The latter move will involve about $1 billion aimed at beefing up business from shoppers who are more likely to shop online.

Target shares fell 46 cents to close Thursday at $80.60. Its shares are up 35.5 percent over the past year.